Ever since the FBI came out and said that North Korea was the main perpetrator of the Sony hack, there’s been a storm of comments from my fellow security professionals saying they don’t believe it.
They say the evidence the FBI provided is too insubstantial to base its comments on. They say they have looked at the evidence themselves and have theories of their own.
All fair points, but here’s why I believe what the FBI said. It starts with a story I followed (can’t remember the program) about intelligence folks working in the D.C. area.
It was about a guy who had a TS/SCI clearance for his entire life, and who was working on a lot of overseas operations that were tightly intertwined with political news and current events. And he had friends in D.C. who were academics and overall smart people who had really strong opinions about these various places.
So they would argue and debate and discuss. The intelligence guy would listen to these very intelligent and thoughtful friends of his ramble on with their elaborate theories and models and ideas of how things were going down in these countries.
The problem was that they were 140% incorrect, and he knew this because he simply had information that they did not. So after a while he just stopped talking to them about those things.
What he realized is that it doesn’t matter how smart someone is if they don’t have access to the information in question.
And I feel like that’s the situation we have with the FBI and Sony. They have all the information, and we have none. So when someone in that position comes to you and tells you what’s up, you have three options:
- Accept their opinion because you know they have FAR more information than you do
- Discard their opinion because you think they’re untrustworthy
- Discard their opinion because you think they’re incompetent
The fourth option, which is to know that they’re generally competent and trustworthy with infinitely more data than you have—but still think you have better theories—is simply not available to you.
They are very likely to have a massive amount of information given to them by various intelligence sources unrelated to the case, and it seems likely that their conclusion was the result of combining all the inputs.
This is why I believe the FBI’s story at this point. It’s not that they have an advantage over us in forming an intelligent opinion: it’s that they are in a position to make one at all, and we are not.
- [ UPDATE: 08.01.24 ] Richard Bejtlich posted a response to this here.
- When I say I believe the FBI, the truth is that I just mostly believe them. I’m quite aware that they can possibly be either deceptive or wrong. But I’m not so cynical as to doubt them outright.
- I held a secret clearance myself in the military, and have had some minor degree of exposure to such things.